From ae3e932f0390f860e5d6aa0cb4cac616879910ae Mon Sep 17 00:00:00 2001 From: Jamie Zieziula Date: Thu, 26 Sep 2024 20:39:22 -0400 Subject: [PATCH] Automate Helm Chart release on `operator` release (#97) * linting, automate hc release, drop unneccessary code * only do this on tag * break out unit tests to their own file * add neccessary permissions * grant permissions to unit test job * fix indents * fix whitespacing * remove docker builds on prs * only call tests from release file for now * drop permissions on static-analysis workflow * more linting --------- Co-authored-by: jamie zieziula --- .github/workflows/helm-release.yaml | 15 ++----- .github/workflows/helm-unittest.yaml | 1 - .github/workflows/labeler.yaml | 2 +- .github/workflows/release.yaml | 39 +++++++------------ .github/workflows/static-analysis.yaml | 9 ++++- .github/workflows/tests.yaml | 33 ++++++++++++++++ .github/workflows/update-helm-versions.yaml | 16 ++++---- .../workflows/validate-updatecli-config.yaml | 2 - 8 files changed, 66 insertions(+), 51 deletions(-) create mode 100644 .github/workflows/tests.yaml diff --git a/.github/workflows/helm-release.yaml b/.github/workflows/helm-release.yaml index 77df1f6..3f575ae 100644 --- a/.github/workflows/helm-release.yaml +++ b/.github/workflows/helm-release.yaml @@ -28,12 +28,12 @@ jobs: run: | # Enable pipefail so git command failures do not result in null versions downstream set -x - echo "RELEASE_VERSION=$(date +'%Y.%-m.%-d%H%M%S')" >> $GITHUB_OUTPUT + echo "RELEASE_VERSION=$(date +'%Y.%-m.%-d%H%M%S')" >> $GITHUB_ENV # This ensures that the latest tag we grab will be of the operator image, and not the helm chart echo "IMAGE_VERSION=$(\ git ls-remote --tags --refs --sort="v:refname" \ - origin 'v[0-9].[0-9].[0-9]' | tail -n1 | sed 's/.*\///' | sed 's/v//')" >> $GITHUB_OUTPUT + origin 'v[0-9].[0-9].[0-9]' | tail -n1 | sed 's/.*\///' | sed 's/v//')" >> $GITHUB_ENV - name: Configure Git run: | 
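Review bot: An empty or stale `IMAGE_VERSION` can now reach every later step through `$GITHUB_ENV`, because `echo "IMAGE_VERSION=$(…)"` exits 0 even when `git ls-remote` fails or matches nothing. The comment above it promises pipefail, but the script only runs `set -x`. The hunks at -77, -96 and -106 drop their explicit `env:` mappings and rely entirely on this step, so the value should be captured in a variable, checked for emptiness, and only then written to a quoted `"$GITHUB_ENV"`. Separately, the glob `v[0-9].[0-9].[0-9]` appears to match only single-digit components, so a tag such as v0.10.0 would be skipped and an older version packaged into the signed chart; this is worth confirming. The step begins above the hunk, so its `id` and `shell` are not visible here.

```yaml
run: |
  set -euxo pipefail
  # … unchanged: RELEASE_VERSION line …
  image_version="$(git ls-remote --tags --refs --sort="v:refname" \
    origin 'v[0-9].[0-9].[0-9]' | tail -n1 | sed 's/.*\///' | sed 's/v//')"
  if [ -z "$image_version" ]; then
    echo "no operator tag matched; refusing to package" >&2
    exit 1
  fi
  echo "IMAGE_VERSION=$image_version" >> "$GITHUB_ENV"
```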
@@ -77,11 +77,6 @@ jobs: --sign --key 'jamie@prefect.io' \ --keyring $SIGN_KEYRING \ --passphrase-file $SIGN_PASSPHRASE_FILE - env: - IMAGE_VERSION: ${{ steps.get_version.outputs.IMAGE_VERSION }} - RELEASE_VERSION: ${{ steps.get_version.outputs.RELEASE_VERSION }} - SIGN_KEYRING: ${{ env.SIGN_KEYRING }} - SIGN_PASSPHRASE_FILE: ${{ env.SIGN_PASSPHRASE_FILE }} - name: Update chart index run: | @@ -96,8 +91,6 @@ jobs: git add ./index.yaml ./charts/prefect-operator-$RELEASE_VERSION.* ./charts/ git commit -m "Release $RELEASE_VERSION" git push origin gh-pages - env: - RELEASE_VERSION: ${{ steps.get_version.outputs.RELEASE_VERSION }} - name: Create Github Release + Tag run: | @@ -106,6 +99,4 @@ jobs: --notes "Packaged with prefect-operator version \ [v$IMAGE_VERSION](https://github.com/PrefectHQ/prefect-operator/releases/tag/v$IMAGE_VERSION)" env: - IMAGE_VERSION: ${{ steps.get_version.outputs.IMAGE_VERSION }} - GITHUB_TOKEN: ${{ github.token }} - RELEASE_VERSION: ${{ steps.get_version.outputs.RELEASE_VERSION }} + GH_TOKEN: ${{ github.token }} diff --git a/.github/workflows/helm-unittest.yaml b/.github/workflows/helm-unittest.yaml index f7efad3..7224092 100644 --- a/.github/workflows/helm-unittest.yaml +++ b/.github/workflows/helm-unittest.yaml @@ -10,7 +10,6 @@ name: Run Helm unit tests paths: - deploy/charts/** -# Do not grant jobs any permissions by default permissions: {} jobs: diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml index 06731c9..d06afec 100644 --- a/.github/workflows/labeler.yaml +++ b/.github/workflows/labeler.yaml @@ -6,7 +6,7 @@ name: Labeler - opened jobs: - apply-label: + apply_label: runs-on: ubuntu-latest steps: - name: Apply prefect-operator label to all issues diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2a92f57..483611c 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -1,5 +1,5 @@ --- -name: prefect-operator release +name: Release Prefect Operator "on": push: @@ -14,30 +14,16 @@ name: prefect-operator release permissions: {} jobs: - unit-tests: - name: Unit tests - runs-on: ubuntu-latest + run_unit_tests: + uses: ./.github/workflows/tests.yaml permissions: + # required by downstream jobs contents: read - steps: - - name: Check out code - uses: actions/checkout@v4 - - name: Install tool dependencies - uses: jdx/mise-action@v2 - with: - experimental: true - - - name: Build - run: make build - - - name: Test - run: make test - - build-and-upload-manifests: + build_and_upload_manifests: if: github.ref_type == 'tag' - needs: unit-tests permissions: + # required to write artifacts to a release contents: write runs-on: ubuntu-latest steps: @@ -67,12 +53,9 @@ jobs: yq -i '(.. | select(tag == "!!str" and . == "v0.0.0")) |= "${{ github.ref_name }}"' prefect-operator.yaml - name: Upload release assets - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: gh release upload ${{ github.ref_name }} prefect-crds.yaml prefect-operator.yaml - build-and-push-docker-image: - needs: unit-tests + build_and_push_docker_image: runs-on: ubuntu-latest # The GitHub environments are created by Terraform and map to Docker Hub repositories: # - dev: https://hub.docker.com/r/prefecthq/prefect-operator-dev @@ -117,3 +100,11 @@ jobs: push: true tags: ${{ steps.metadata.outputs.tags }} labels: ${{ steps.metadata.outputs.labels }} + + create_helm_release: + if: github.ref_type == 'tag' + permissions: + # required by downstream jobs + contents: write + needs: build_and_push_docker_image + uses: ./.github/workflows/helm-release.yaml diff --git a/.github/workflows/static-analysis.yaml b/.github/workflows/static-analysis.yaml index 6d0a5dd..71dd5c6 100644 --- a/.github/workflows/static-analysis.yaml +++ b/.github/workflows/static-analysis.yaml 
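Review bot: Nothing gates publishing on the tests any more. `build_and_upload_manifests` loses `needs: unit-tests` in the -14 hunk with no replacement, and `build_and_push_docker_image` loses it in the -67 hunk. Both jobs now run in parallel with `run_unit_tests`, so they can upload release assets and push an image from a commit whose tests fail. Add `needs: run_unit_tests` to both jobs; `create_helm_release` then inherits the gate through its existing `needs: build_and_push_docker_image`. Both job bodies continue outside the hunks.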
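Review bot: The `Upload release assets` step in the -67 hunk now runs `gh release upload` with no token in its environment. gh inside Actions needs `GH_TOKEN` (or `GITHUB_TOKEN`), so the upload will fail unless one is defined at job or workflow level outside this hunk. Restore it under the name helm-release.yaml now uses: `env:` with `GH_TOKEN: ${{ github.token }}`. While editing that step, note that `${{ github.ref_name }}` is expanded into the shell text here and in the `yq` line above it. Pass it as `REF_NAME: ${{ github.ref_name }}` under `env:` and run `gh release upload "$REF_NAME" prefect-crds.yaml prefect-operator.yaml`, so that a tag name is handled as data rather than as script.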
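Review bot: `create_helm_release` in the -117 hunk calls helm-release.yaml without a `secrets:` key, and a called workflow receives none of the caller's secrets unless they are passed by name or with `secrets: inherit`. The chart-signing step in helm-release.yaml reads `$SIGN_KEYRING` and `$SIGN_PASSPHRASE_FILE`. If those are populated from repository secrets (that part is not visible in this patch), they will be empty on this call path. helm-release.yaml also needs an `on: workflow_call` trigger for this `uses:` to resolve, and the patch does not show one being added. Passing only the named signing secrets is preferable to `secrets: inherit`, since the called workflow then gets nothing beyond what signing requires.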
@@ -2,7 +2,9 @@ name: Static analysis "on": - pull_request: + pull_request: {} + +permissions: {} # Limit concurrency by workflow/branch combination. # @@ -18,9 +20,12 @@ concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' }} jobs: - pre-commit-checks: + pre_commit_checks: name: pre-commit checks runs-on: ubuntu-latest + permissions: + # required to read from the repo + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml new file mode 100644 index 0000000..8edfe0a --- /dev/null +++ b/.github/workflows/tests.yaml @@ -0,0 +1,33 @@ +--- +name: Unit tests + +"on": + workflow_call: {} + +permissions: {} + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + +jobs: + unit_tests: + name: Unit tests + runs-on: ubuntu-latest + permissions: + # required to read from the repo + contents: read + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Install tool dependencies + uses: jdx/mise-action@v2 + with: + experimental: true # enables the go installation backend + + - name: Build + run: make build + + - name: Test + run: make test diff --git a/.github/workflows/update-helm-versions.yaml b/.github/workflows/update-helm-versions.yaml index 17325dd..f0db8b4 100644 --- a/.github/workflows/update-helm-versions.yaml +++ b/.github/workflows/update-helm-versions.yaml @@ -2,7 +2,7 @@ name: Updatecli dependency updates "on": - workflow_dispatch: + workflow_dispatch: {} schedule: # The first of each month at 10am EST - cron: 0 15 1 * * @@ -13,7 +13,7 @@ jobs: updatecli: runs-on: ubuntu-latest permissions: - # required to write to the repo + # required to commit to a branch contents: write # required to open a pr with updatecli changes pull-requests: write 
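Review bot: In the new tests.yaml, `jdx/mise-action@v2` is a third-party action referenced by a mutable tag, and it installs the toolchain that builds and tests the code ahead of a release. Pin it to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: jdx/mise-action@<full-commit-sha>  # v2`; the same applies to `actions/checkout@v4`. The `concurrency` block also deserves a second look, because in a called workflow `github.workflow` evaluates to the caller's name. If release.yaml defines the same group (not visible here), caller and callee will contend for it. The `github.event_name == 'pull_request'` test is never true while the only trigger is `workflow_call` from a push-triggered release.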
@@ -30,24 +30,22 @@ jobs: id: date run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT - - name: create branch for helm version updates + - name: Create branch for helm version updates run: | git checkout -b "helm-version-${{ steps.date.outputs.date }}" - - name: install updatecli in the runner + - name: Install updatecli in the runner uses: updatecli/updatecli-action@v2 - - name: run updatecli in apply mode + - name: Run updatecli in apply mode run: | updatecli apply --config .github/updatecli/manifest.yaml git commit -am "helm-version-${{ steps.date.outputs.date }}" git push --set-upstream origin "helm-version-${{ steps.date.outputs.date }}" - env: - GITHUB_TOKEN: ${{ github.token }} - - name: create pr + - name: Create pr run: | git checkout "helm-version-${{ steps.date.outputs.date }}" gh pr create --base main --title "helm-version-bump-${{ steps.date.outputs.date }}" -b "please run helm-docs locally to update chart readmes" --label dependencies env: - GITHUB_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ github.token }} diff --git a/.github/workflows/validate-updatecli-config.yaml b/.github/workflows/validate-updatecli-config.yaml index 96af7df..891259a 100644 --- a/.github/workflows/validate-updatecli-config.yaml +++ b/.github/workflows/validate-updatecli-config.yaml @@ -28,5 +28,3 @@ jobs: - name: run updatecli diff to validate config run: | updatecli diff --config .github/updatecli/manifest.yaml - env: - GITHUB_TOKEN: ${{ github.token }}
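Review bot: The `Run updatecli in apply mode` step loses its `GITHUB_TOKEN` env, so `updatecli apply` now runs without a token. If `.github/updatecli/manifest.yaml` reads one from the environment for GitHub-backed sources (the manifest is not part of this patch), the run will either fail or fall back to unauthenticated, rate-limited API calls. The same removal is made for `updatecli diff` in validate-updatecli-config.yaml. If the manifest needs no token, the removal is fine and a short comment saying so would help. Otherwise keep `env:` with `GITHUB_TOKEN: ${{ github.token }}` on both steps.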